[Cryptography] Proposal of a fair contract signing protocol

Sidney Markowitz sidney at sidney.com
Mon Jun 27 01:38:49 EDT 2016

mok-kong shen wrote on 27/06/16 9:54 AM:
> Am 26.06.2016 um 10:08 schrieb Sidney Markowitz:
>> This leaves no reason for your protocol to require that contract C is split
>> into separate halves X and Y that are signed separately. You could just as
>> easily write the contract to say "Alice and Bob agree to this transaction
>> subject to this contract being signed by both Alice and Bob" and then have
>> both Alice and Bob "promise" to sign it conditional on the other person
>> signing it. If you do that, then a single signature provides the simultaneous
>> commitment that you require for "fairness", according to your definitions.
>> This protocol puts all the power into the "promise" which binds Alice, but you
>> never define how a binding promise can be made without the promise itself
>> being a contract that has to be put into effect in a "fair" fashion. That
>> leads to an endless recursion.
> I wrote: "The messages of step 1 and 2 are to be sent with
> signcryption, .....", i.e. that promise is signed by Alice.
> M. K. Shen

You never mentioned that the promise is what is signed in step 1. You said
that Alice only signs X in step 1 and promises to sign C = X | Y if Bob signs
it in step 2. How could Alice sign a promise to sign X and Y if what she signs
only includes X? And if Alice does have to sign "I promise to sign Contract C
= X | Y within time T1 after Bob signs Contract C if he signs within time T2"
and she is bound by that, then that promise is an unfair contract by your


More information about the cryptography mailing list